Description This article describes configuration about policy-based
IPsec tunnel with FortiGate's GUI where both sides have static IP. Scope
FortiGate. Solution Steps to configure policy-based IPsec tunnel:
Configure FotiGate1. Step 1:Enable 'Policy ...
Description This article describes why radius user bypasses 2FA while
connecting to SSL VPN. Scope FortiGate. Solution Note:
username-case-sensitive is enabled under the Radius server configuration
(i.e. config user radius). config user radius edit "...
Description This article describes the difference between 'set weight'
under BGP neighbor, and 'set set-weight' under BGP route-map. Scope
FortiGate. Solution Using the weight parameter under the route map gives
the granular control over each route f...
Description This article describes how to use namespace while
configuring SAML between Azure(Idp) and Fortigate(SP) Scope FortGate.
Solution In some cases, namespaces are configured by default for
username and group claims on Azure for SAML configura...
Description This article explains SoftIrqs, what causes them to increase
in frequency or show high variations, and some ways to check for them in
FortiGate. Scope FortiGate. Solution A SoftIrq is a software interrupt.
It occurs when traffic reaches t...
Hello @jaypat, Confirm if generating host key from sshkeygen looks like
the format below(example): ssh-rsa
AAAAAAAAAAAAhaslkdjalkdsmx;asmscx;la,x;l,alsx,a
asdiohjfwidpokpco,zx;kcjmascpkas;xka;lkx;lakx;laksp - Try to copy the
whole text paste it to no...
Hello @james_hull, I understand your concern, instead of adding
malicious IPs manually, you can make this process dynamic. Please refer
to this article which will certainly block the ip address if there is an
invalid user connection attempt being mad...
Hello @Marcos_FDS1012,Regardless if its a different VPN's DNS taking
over your local DNS due to which you are facing issues with FSSO. They
should be capable of using split DNS. If its not the case. Please
elaborate the issue in detailed manner. Than...
Hello @Marcos_FDS1012, Based on you description, it seems like you would
like to prioritize machine's DNS over VPN? Please try using split DNS
under vpn configuration. Split DNS for SSL VPN portals allows to specify
which domains are resolved by the ...